Skip to main content
cancel
Showing results for 
Search instead for 
Did you mean: 

Earn the coveted Fabric Analytics Engineer certification. 100% off your exam for a limited time only!

Reply
Dineth
New Member

Azure App registration with Power BI API

HI All,

I m very new to this forum, I hoipe this is the correct place to post this question.

 

I have a follwoing requiremnet form our business and as an O365 admin I have to answer to this, can someone please help me on this.

Business unit asking following 

 

1. O365 Service account without MFA with Power BI Pro licence assigned

2. Register an Azure Native Application with Power BI view permissions API 

3. Add the service account as the owner on this Application

 

My question is when I try to give the API permission I can see following table, in there the view permission is for the whole tenant ( all workspaces). SO does it means if I resgiter the above  azure application with the service account , will that service account be able to read all worspace data using the registered application ? If yes how can we restict to not to read all worspace data, just only the specific workspace data as we have very confidential data stored on some other work spaces. 

Are ther any other better way to do this. 

 

Read and write all dataflows
View all dataflows
Read and write all content in tenant
Read and Write all Reports
View users Groups
View all Groups
View all Reports (preview)
reate content (preview)
View content properties (preview)
Read and Write all Datasets
View all Datasets
View all Dashboards (preview)
Add data to a user's dataset (preview)
Read and Write all Dashboards
View all content in tenant
Read and write all workspaces
View all workspaces
Read and write all capacities
View all capacities
 
Thanks for your guidence. 
1 REPLY 1
zoloturu
Memorable Member
Memorable Member

Hi @Dineth,

 

I think the better way of solving this would be to have all workspaces owned by account different than your app service account.

So you give access to each workspace from the main account to your service account to specific workspaces with specific access.

 

How to give specific access to a particular workspace:

 

Regarding registering Azure app - mark only Read options. Select Native app type. And this account will be an owner of this app because at the top you do log in - https://dev.powerbi.com/apps

 

Regards,
Ruslan
-------------------------------------------------------------------
Did I answer your question? Mark my post as a solution!

Helpful resources

Announcements
April AMA free

Microsoft Fabric AMA Livestream

Join us Tuesday, April 09, 9:00 – 10:00 AM PST for a live, expert-led Q&A session on all things Microsoft Fabric!

March Fabric Community Update

Fabric Community Update - March 2024

Find out what's new and trending in the Fabric Community.